Image verification system, image verification apparatus, and image verification method

ABSTRACT

To provide an image verification system which verifies whether image data has been altered. The image verification system has an image generation apparatus, a first verification apparatus, a second verification apparatus, etc. The image generation apparatus generates image data, a hash value of the image data, and first verification data for the image data. The first verification apparatus verifies whether the image data has been altered, by using the hash value and first verification data. The first verification apparatus generates second verification data (a digital signature) for the image data if the image data has not been altered. The second verification apparatus verifies whether the image data has been altered, by using the image data and second verification data.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to a system, apparatus, method, etc. which verify whether image data generated by an image generation apparatus such as a digital camera has been altered.

[0003] 2. Related Background Art

[0004] Recently, digital cameras which store optical images of subjects by digitizing them have been put into practical use.

[0005] Image data created by a digital camera can be captured easily into a personal computer, but at the same time there is the problem that it can be altered easily on the personal computer. Consequently, image data created by a digital camera has the problem that it has lower reliability than silver halide photographs and is not very admissible as evidence. Therefore, digital camera systems have recently been proposed which have a capability to attach a digital signature to image data created by a digital camera. Conventional digital camera systems are disclosed, for example, in U.S. Pat. No. 5,499,294 and Japanese Patent Laid-Open No. 9-200730.

[0006] Normally, public-key cryptography such as RSA encryption is used to generate digital signatures. However, public-key cryptography such as RSA encryption, which involves exponent operations and multiplication/division operations, is not good at high-speed processing and requires hundreds to thousands of times as much processing time as common-key cryptography such as DES. Thus, there is the problem that conventional digital cameras with their limited computational resources have great difficulty in generating digital signatures. There is a way to improve the performance of the computational resources of digital signatures extensively so that digital signatures can be generated easily, but this is not desirable because such a method will greatly increase the costs of the digital cameras themselves.

SUMMARY OF THE INVENTION

[0007] The present invention has been achieved to solve the above-described problems. Its object is to provide a capability to verify whether image data generated by an image generation apparatus such as a digital camera has been altered while reducing the costs of the apparatus.

[0008] An image verification system according to a preferred embodiment of the present invention includes an image generation apparatus, information processor, and first image verification apparatus, wherein: the above described image generation apparatus comprises image generation means for generating image data, hash value generation means for generating a hash value of the above described image data, and first verification data generation means for generating first verification data using the above described hash value and common information; the above described image generation apparatus sends the above described hash value and the above described first verification data to the above described first image verification apparatus; and the above described first image verification apparatus comprises first verification means for verifying whether the above described image data has been altered, by using the above described hash value, the above described first verification data, and the above described common information, and second verification data generation means for generating second verification data for the above described image data using the above described hash value and secret information if the above described image data has not been altered.

[0009] An image verification apparatus according to a preferred embodiment of the present invention includes: verification means for verifying whether image data generated by an image generation apparatus has been altered, by using a hash value of the above described image data, first verification data, and common information; and verification data generation means for generating second verification data for the above described image data using the above described hash value and secret information if the above described image data has not been altered.

[0010] An image verification method according to a preferred embodiment of the present invention includes: a verification step of verifying whether image data generated by an image generation apparatus has been altered, by using a hash value of the above described image data, first verification data, and common information; and a verification data generation step of generating second verification data for the above described image data using the above described hash value and secret information if the above described image data has not been altered.

[0011] Still other objects of the present invention, and the advantages thereof, will become fully apparent from the following detailed description of the embodiments.

BRIEF DESCRIPTION OF THE DRAWINGS

[0012] FIG. 1 is a diagram illustrating a configuration example of an image verification system according to this embodiment;

[0013] FIG. 2 is a block diagram illustrating main functional components of an image generation apparatus 10 according to this embodiment;

[0014] FIG. 3 is a block diagram illustrating main functional components of an information processor 20 according to this embodiment;

[0015] FIG. 4 is a block diagram illustrating main functional components of a first verification apparatus 30 according to this embodiment;

[0016] FIG. 5 is a block diagram illustrating main functional components of a second verification apparatus 40 according to this embodiment;

[0017] FIG. 6, composed of FIG. 6A and FIG. 6B, is a diagram illustrating procedures of the image verification system according to this embodiment; and

[0018] FIGS. 7A and 7B are diagrams showing examples of table T1 and table T2 respectively.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0019] A preferred embodiment of the present invention will be described below with reference to the drawings.

[0020] FIG. 1 is a diagram illustrating a configuration example of an image verification system according to this embodiment.

[0021] An image generation apparatus 10 has a capability to generate image data of subjects and a capability to generate an image file with first verification data. The image file with first verification data contains image data, first verification data for the image data, additional information about the image data, a unique ID of the image generation apparatus 10, and other data. The image generation apparatus 10 may be an imaging apparatus such as a digital camera, digital video camera, or scanner or an apparatus equipped with a camera unit. Also, the image generation apparatus 10 may be a facsimile machine, copier, or similar machine equipped with an image reading unit.

[0022] An information processor 20 has a capability to make a first verification apparatus 30 verify the image file with first verification data as well as a capability to generate an image file with second verification data. The image file with second verification data contains image data, second verification data for the image data, additional information about the image data, a unique ID of the image generation apparatus 10, and other data. The information processor 20 may be a personal computer or other information processor.

[0023] The first verification apparatus 30 has a capability to verify whether image data has been altered, by using the first verification data. Also, the first verification apparatus 30 has a capability to generate second verification data for the image data if the image data has not been altered. The first verification apparatus 30 needs only to be capable of making common information Kc and secret information Ks (described later) difficult to be analyzed or leaked. Thus, the first verification apparatus 30 may be, for example, an IC card (or a storage medium with a microprocessor) or a server computer with the information processor 20 operating as a client. If the information processor 20 is a server computer, the first verification apparatus 30 and information processor 20 are connected via a network such as a LAN, a wireless LAN, a WAN, or the Internet.

[0024] The second verification apparatus 40 has a capability to verify whether image data has been altered, by using the second verification data. The second verification apparatus 40 may be a personal computer or other information processor.

[0025] FIG. 2 is a block diagram illustrating main functional components of the image generation apparatus 10 according to this embodiment.

[0026] Reference numeral 201 denotes an image generation unit which comprises a photosensor—such as a CCD (charge-coupled device)—and microprocessor and generates image data I of a subject.

[0027] Reference numeral 203 denotes a memory which stores the common information Kc. The common information Kc corresponds to a common key in common-key cryptography (DES, Rijndael, etc.).

[0028] Reference numeral 204 denotes a calculation unit which performs first and second calculation processes. The first calculation process generates a hash value (also called a message digest or digest data) H11 of the image data I using a hash function HF1. The second calculation process converts the hash value H11 generated in the first calculation process into first verification data V11 using the common information Kc obtained from the memory 203. The first verification data V11 is equivalent to MAC (Message Authentication Code) in the image data I. Incidentally, the hash function HF1 may be an MD-2, MD-5, SHA-1, RIPEMD-128, RIPEMD-160, or other hash function.

[0029] Reference numeral 205 denotes a memory which stores a unique ID unique to the image generation apparatus 10 (e.g., the production number or serial number of the image generation apparatus 10). The unique ID is attached to the image file with first verification data.

[0030] Reference numeral 206 denotes an image file-generating unit which generates the image file IF1 with first verification data. The image file IF1 with first verification data contains the image data I in its data section and contains the hash value H11 of the image data I, first verification data V11 of the image data I, additional information about the image data I, the unique ID of the image generation apparatus 10, and other data in its header section. The file type of the image file IF1 with first verification data may be JFIF (JPEG File Interchange Format), TIFF (Tagged Image File Format), or GIF (Graphics Interchange Format), or any of their extended versions, or other file format.

[0031] Reference numeral 207 denotes a removable medium (removable recording medium) such as a magnetic disk, optical disk, or memory card, which stores the image file IF1 with first verification data.

[0032] Reference numeral 208 denotes a media control unit which has a capability to write the image file IF1 with first verification data into the removable medium 207 and a capability to read the image file IF1 with first verification data from the removable medium 207.

[0033] Reference numeral 209 denotes an interface unit which sends the image file IF1 with first verification data from the removable medium 207 to the information processor 20.

[0034] Reference numeral 210 denotes an operation unit which is equipped with switches and the like for giving instructions to photograph a subject (object), generate its image data, or read the image data.

[0035] Reference numeral 211 denotes a control unit which comprises a memory and microcomputer for executing control programs stored in the memory and controls operation of various parts of the image generation apparatus 10. In particular, the memory in the control unit 211 stores a program which controls procedures of the image generation apparatus 10 described later with reference to FIGS. 6A and 6B.

[0036] FIG. 3 is a block diagram illustrating main functional components of the information processor 20 according to this embodiment.

[0037] Reference numeral 301 denotes a media control unit which reads the image file IF1 with first verification data from the removable medium 207.

[0038] Reference numeral 309 denotes an interface unit which receives the image file IF1 with first verification data sent from the image generation apparatus 10.

[0039] Reference numeral 302 denotes a storage unit which stores the image file IF1 with first verification data and the image file IF2 with second verification data.

[0040] Reference numeral 304 denotes an interface unit which has a capability to send the hash value H11, first verification data V11, and unique ID obtained from the image file IF1 with first verification data to the first verification apparatus 30, a capability to receive second verification data V2 sent from the first verification apparatus 30, and a capability to receive a verification result of the first verification apparatus 30. The second verification data V2 received by the interface unit 304 is attached to the image file IF2 with second verification data.

[0041] Reference numeral 305 denotes an image file-generating unit which generates the image file IF2 with second verification data. The image file IF2 with second verification data contains the image data I in its data section and contains the hash value H11 of the image data I, second verification data V2 of the image data I, additional information about the image data I, the unique ID of the image generation apparatus 10, and other data in its header section.

[0042] Reference numeral 306 denotes an interface unit which has a capability to send the image file IF2 with second verification data generated by the information processor 20 to an external apparatus.

[0043] Reference numeral 307 denotes a display unit which displays information about the verification result produced by the first verification apparatus 30.

[0044] Reference numeral 308 denotes a control unit which comprises a memory and microcomputer for executing control programs stored in the memory and controls various functions of the information processor 20. In particular, the memory in the control unit 308 stores a program which controls procedures of the information processor 20 described later with reference to FIGS. 6A and 6B.

[0045] FIG. 4 is a block diagram illustrating main functional components of the first verification apparatus 30 according to this embodiment.

[0046] Reference numeral 401 denotes an interface unit which has a capability to receive the hash value H11, first verification data V11, and unique ID sent from the information processor 20, a capability to send the verification result of the first verification apparatus 30 to the information processor 20, and a capability to send the second verification data V2 generated by the first verification apparatus 30 to the information processor 20.

[0047] Reference numeral 402 denotes a storage unit which stores the hash value H11, first verification data V11, unique ID, and second verification data V2.

[0048] Reference numeral 403 denotes a memory which stores a table T1. An example of the table T1 is shown in FIG. 7A. The table T1 is a management table which manages a plurality of unique IDs, common information Kc corresponding to each of the unique IDs, and secret information Ks corresponding to each piece of common information Kc. For a unique ID of “001”, for example, the common information Kc corresponding to the unique ID is “0x1111” and secret information Ks is “0x2222”. The common information Kc and secret information Ks are kept secret by the first verification apparatus 30 and are not made open to the public. The secret information Ks is equivalent to a secret key in public-key cryptography (such as RSA encryption).

[0049] Reference numeral 404 denotes a first calculation unit which performs a calculation process to convert the hash value H11 into first verification data V12 using the common information Kc.

[0050] Reference numeral 405 denotes an image verification unit which verifies whether the image data I has been altered, by using the first verification data V11 and first verification data V12.

[0051] Reference numeral 406 denotes a second calculation unit which performs a calculation process to convert the hash value H11 into the second verification data V2 using the secret information Ks obtained from the memory 403. The second verification data V2 is equivalent to a digital signature in the image data I.

[0052] Reference numeral 407 denotes a control unit which comprises a memory and microcomputer for executing control programs stored in the memory and controls various functions of the first verification apparatus 30. In particular, the memory in the control unit 308 stores a program which controls procedures of the first verification apparatus 30 described later with reference to FIGS. 6A and 6B.

[0053] FIG. 5 is a block diagram illustrating main functional components of the second verification apparatus 40 according to this embodiment.

[0054] Reference numeral 501 denotes an interface unit which has a capability to receive the image file IF2 with second verification data from an external apparatus.

[0055] Reference numeral 502 denotes a storage unit which stores the image file IF2 with second verification data.

[0056] Reference numeral 503 denotes a memory which stores a table T2. An example of the table T2 is shown in FIG. 7B. The table T2 is a management table which manages a plurality of unique IDs and public information Kp corresponding to each of the unique IDs. For a unique ID of “001”, for example, the public information Kp corresponding to the unique ID is “0x3333”. The public information Kp is associated with the secret information Ks and is equivalent to a public key in public-key cryptography (such as RSA encryption).

[0057] Reference numeral 504 denotes a calculation unit which performs first and second calculation processes. The first calculation process converts the second verification data V2 into a hash value H12 using the public information Kp. The second calculation process generates a hash value H13 of the image data I using the hash function HF1.

[0058] Reference numeral 506 denotes an image verification unit which verifies whether the image data I has been altered, by using the hash value H12 and hash value H13 generated by the calculation unit 504.

[0059] Reference numeral 507 denotes a display unit which displays information about the verification result produced by the image verification unit 506.

[0060] Reference numeral 508 denotes a control unit which comprises a memory and microcomputer for executing control programs stored in the memory and controls various functions of the second verification apparatus 40. In particular, the memory in the control unit 508 stores a program which controls procedures of the first verification apparatus 30 described later with reference to FIG. 6.

[0061] FIG. 6 is a diagram illustrating procedures of the image verification system according to this embodiment.

[0062] Step S601: The image generation unit 201 generates the image data I of a subject according to instructions from the user.

[0063] Step S602: The calculation unit 204 generates the hash value H11 of the image data I using the hash function HF1.

[0064] Step S603: The calculation unit 204 converts the hash value H11 into the first verification data V11 using the common information Kc obtained from the memory 203. The first verification data V11 is equivalent to MAC in the image data I.

[0065] Step S604: The image file-generating unit 206 generates the image file IF1 with first verification data, containing the image data I, the hash value H11, first verification data V11, additional information about the image data I, unique ID of the image generation apparatus 10, and other data. The media control unit 208 writes the image file IF1 into the removable medium 207.

[0066] Step S605: The user loads the image file IF1 stored on the removable medium 207 into the information processor 20 either directly from the removable medium 207 or via the interface unit 209. When loaded directly from the removable medium 207, the image file IF1 is read from the removable medium 207 and stored in the storage unit 302 by the media control unit 301. On the other hand, when loaded via the interface unit 209, the image file IF1 sent from the image generation apparatus 10 to the information processor 20 is received and stored in the storage unit 302 by the interface unit 309.

[0067] Step S606: To make the image file with first verification data verified by the first verification apparatus 30, the interface unit 304 sends the hash value H11, first verification data V11, and unique ID to the first verification apparatus 30. The interface unit 401 receives these data and stores them in the storage unit 402.

[0068] Step S607: With reference to the table T1 in the memory 403, the first calculation unit 404 acquires the common information Kc which corresponds to the unique ID obtained from the image file IF1.

[0069] Step S608: The first calculation unit 404 converts the hash value H11 into the first verification data V12 using the common information Kc obtained from the memory 403.

[0070] Step S609: The image verification unit 405 verifies whether the image data I has been altered, by comparing the first verification data V11 and first verification data V12.

[0071] If the two versions of the first verification data match (i.e., if integrity of the image data is verified), the image verification unit 405 detects that the image data I has not been altered. Also, the image verification unit 405 detects that the image data I has been generated by the image generation apparatus 10. Then, the first verification apparatus 30 informs the information processor 20 that the image data I has not been altered and starts generating second verification data.

[0072] On the other hand, if the two versions of the first verification data do not match (i.e., if integrity of the image data is not verified), the image verification unit 405 detects that the image data I has been altered. Then, the first verification apparatus 30 informs the information processor 20 that the image data I has been altered and prohibits generation of second verification data. In other words, the first verification apparatus 30 prohibits Step S610 and subsequent steps.

[0073] Step S610: If it is found that the image data I has not been altered, the second calculation unit 406 acquires the secret information Ks which corresponds to the unique ID, with reference to the table T1 in the memory 403.

[0074] Step S611: The second calculation unit 406 converts the hash value H11 into the second verification data V2 using the secret information Ks obtained from the memory 403. The second verification data V2 is equivalent to a digital signature in the image data I. The second verification data V2 generated by the second calculation unit 406 is stored in the storage unit 402.

[0075] Step S612: The interface unit 401 sends the second verification data V2 to the information processor 20. The interface unit 304 receives the second verification data V2 and supplies it to the file-generating unit 305.

[0076] Step S613: The image file-generating unit 305 generates the image file IF2 with second verification data, containing the image data I, second verification data V2, additional information about the image data I, unique ID and other data. The image file IF2 generated by the image file-generating unit 305 is stored in the storage unit 302.

[0077] Step S614: The interface unit 306 outputs the image file IF2 generated by the file-generating unit 305 to an external apparatus. On the other hand, the interface unit 501 receives the image file IF2 from the external apparatus and stores it in the storage unit 502.

[0078] Step S615: With reference to the table T2 in the memory 503, the calculation unit 504 acquires the public information Kp which corresponds to the unique ID obtained from the image file IF2.

[0079] Step S616: The calculation unit 504 converts the second verification data V2 into the hash value H12 using the public information Kp obtained from the memory 503.

[0080] Step S617: By using the hash function HF1, the calculation unit 504 generates the hash value H13 of the image data I obtained from the storage unit 502.

[0081] Step S618: By comparing the hash value H12 obtained in Step S616 and hash value H13 obtained in Step S617, the image verification unit 506 verifies whether the image data I has been altered.

[0082] If the two hash values match (i.e., if integrity of the image data is verified), the image verification unit 506 detects that the image data I has not been altered. Also, the image verification unit 506 detects that the image data I has been generated by the image generation apparatus 10. Then, the second verification apparatus 40 displays information that the image data I has not been altered, in the display unit 507.

[0083] On the other hand, if the two hash values do not match (i.e., if integrity of the image data is not verified), the image verification unit 506 detects that the image data I has been altered. Then, the second verification apparatus 40 displays information that the image data I has been altered, in the display unit 507.
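
The S601 to S618 flow above as a runnable sketch; this is an added example, not code from the specification. SHA-256 stands in for HF1, HMAC-SHA-256 for the Kc conversion, and toy textbook RSA (no padding, fixed Mersenne primes) for the Ks/Kp conversion; the function names, dictionary fields, key values and sample bytes are constructed for illustration.

```python
import hashlib
import hmac

# Toy RSA key from two well-known Mersenne primes (assumption, demo only;
# a real deployment would use a vetted signature scheme with padding).
_P, _Q, _E = 2**127 - 1, 2**521 - 1, 65537
_N = _P * _Q
_D = pow(_E, -1, (_P - 1) * (_Q - 1))

# Constructed stand-ins for tables T1 (FIG. 7A) and T2 (FIG. 7B), keyed by unique ID.
T1 = {"001": {"Kc": bytes.fromhex("1111" * 8), "Ks": (_D, _N)}}
T2 = {"001": {"Kp": (_E, _N)}}


def hf1(image: bytes) -> bytes:
    """Hash function HF1 (SHA-256 chosen for this sketch)."""
    return hashlib.sha256(image).digest()


def mac(kc: bytes, h: bytes) -> bytes:
    """Convert a hash value into first verification data using Kc."""
    return hmac.new(kc, h, hashlib.sha256).digest()


def camera_generate(image: bytes, unique_id: str, kc: bytes) -> dict:
    """S601-S604: image generation apparatus 10 builds image file IF1."""
    h11 = hf1(image)
    return {"id": unique_id, "H11": h11, "V11": mac(kc, h11), "I": image}


def first_verify_and_sign(unique_id: str, h11: bytes, v11: bytes):
    """S606-S611: first verification apparatus 30.

    It receives only the unique ID, H11 and V11, never the image data.
    Returns V2, or None when generation of V2 is prohibited.
    """
    entry = T1.get(unique_id)
    if entry is None:
        return None
    v12 = mac(entry["Kc"], h11)                    # S608
    if not hmac.compare_digest(v11, v12):          # S609, constant-time compare
        return None
    d, n = entry["Ks"]                             # S610
    return pow(int.from_bytes(h11, "big"), d, n)   # S611


def processor_build_if2(if1: dict):
    """S605 and S612-S613: information processor 20 builds image file IF2."""
    v2 = first_verify_and_sign(if1["id"], if1["H11"], if1["V11"])
    if v2 is None:
        return None
    return {"id": if1["id"], "H11": if1["H11"], "V2": v2, "I": if1["I"]}


def second_verify(if2: dict) -> bool:
    """S615-S618: second verification apparatus 40."""
    entry = T2.get(if2["id"])
    if entry is None:
        return False
    e, n = entry["Kp"]
    recovered = pow(if2["V2"], e, n)               # S616
    if recovered.bit_length() > 256:               # cannot be a SHA-256 value
        return False
    h12 = recovered.to_bytes(32, "big")
    h13 = hf1(if2["I"])                            # S617
    return hmac.compare_digest(h12, h13)           # S618


def demo():
    image = b"constructed sample pixels"
    if1 = camera_generate(image, "001", T1["001"]["Kc"])
    ok = second_verify(processor_build_if2(if1))

    # Image and H11 both changed: V11 no longer matches, so S609 fails.
    changed = dict(if1, I=b"altered pixels", H11=hf1(b"altered pixels"))
    stage1_rejects = processor_build_if2(changed) is None

    # Image changed, header untouched: S609 passes because apparatus 30
    # only sees H11 and V11; the mismatch surfaces at S618.
    swapped = processor_build_if2(dict(if1, I=b"altered pixels"))
    stage2_rejects = swapped is not None and not second_verify(swapped)
    return ok, stage1_rejects, stage2_rejects


if __name__ == "__main__":
    print(demo())
```

Because the first verification apparatus receives only H11, V11 and the unique ID, an image whose bytes change while its header is left intact passes S609 and is detected only when the second verification apparatus recomputes H13.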

[0084] As described above, the image verification system according to this embodiment can detect reliably whether or not the image data generated by the image generation apparatus 10 has been altered.

[0085] Also, since the image verification system according to this embodiment does not need to extensively improve the performance of the computational resources of the image generation apparatus 10, it can reduce the costs of the image generation apparatus 10.

[0086] Also, since the first verification apparatus 30 of the image verification system according to this embodiment verifies whether image data has been altered, by using the common information Kc obtained from the unique ID of the image generation apparatus 10, it can confirm whether or not the image data has been generated by the image generation apparatus 10.

[0087] Also, since the second verification apparatus 40 of the image verification system according to this embodiment verifies whether image data has been altered, by using the secret information Ks and public information Kp obtained from the unique ID of the image generation apparatus 10, it can confirm whether or not the image data has been generated by the image generation apparatus 10.

[0088] Also, since the image verification system according to this embodiment implements the first verification apparatus 30 using an IC card (or a storage medium with a microprocessor) or a server computer with the information processor 20 operating as a client, it can thereby make the common information Kc and secret information Ks difficult to be analyzed or leaked and improve the security of the information.

[0089] Also, since the image verification system according to this embodiment sends a hash value (far smaller in data amount than image data) of image data rather than the image data itself from the information processor 20 to the first verification apparatus 30, it can decrease traffic between the information processor 20 and first verification apparatus 30, reduce memory requirements of the first verification apparatus 30, and radically slash processing time of the first verification apparatus 30.

[0090] Also, since the image verification system according to this embodiment generates image files with second verification data in the information processor 20 rather than in the first verification apparatus 30, it can reduce loads on the first verification apparatus 30 and costs of the first verification apparatus 30.

[0091] This embodiment can be implemented when a computer executes programs. Also, a recording medium, such as a CD-ROM, which contains the programs, a transmission medium, such as the Internet, which transmits the programs, or other means of supplying the programs to the computer can also constitute an embodiment of the present invention. The programs, recording media, and transmission media described above are also included in the scope of the present invention. As the storage medium, for example, a flexible disk, hard disk, optical disk, magneto-optical disk, CD-ROM, magnetic tape, non-volatile memory card, ROM, or the like may be used.

[0092] The above-described embodiments are merely exemplary of this invention, and are not to be construed to limit the scope of the present invention.

[0093] The scope of the present invention is defined by the scope of the appended claims, and is not limited to only the specific descriptions in this specification. Furthermore, all the modifications and changes belonging to equivalents of the claims are considered to fall within the scope of the present invention.

What is claimed is:
 1. An image verification system comprising an image generation apparatus, information processor, and first image verification apparatus, wherein: said image generation apparatus comprises: image generation means for generating image data, hash value generation means for generating a hash value of said image data, and first verification data generation means for generating first verification data using said hash value and common information; wherein said information processor sends said hash value and said first verification data to said first image verification apparatus; and said first image verification apparatus comprises: first verification means for verifying whether said image data has been altered, by using said hash value, said first verification data, and said common information, and second verification data generation means for generating second verification data for said image data using said hash value and secret information if said image data has not been altered.
 2. The system according to claim 1, wherein said common information is equivalent to a common key in common-key cryptography.
 3. The system according to claim 1, wherein said secret information is equivalent to a secret key in public-key cryptography.
 4. The system according to claim 1, wherein said second verification data generation means prohibits generation of said second verification data if said image data has been altered.
 5. The system according to claim 1, wherein said image verification system further comprises a second image generation apparatus, which in turn comprises second verification means for verifying whether said image data has been altered, by using said image data, said second verification data, and public information.
 6. The system according to claim 1, wherein said public information is equivalent to a public key in public-key cryptography.
 7. The system according to claim 1, wherein said image generation apparatus is a digital camera, digital video camera, scanner, facsimile machine, or copier.
 8. The system according to claim 1, wherein said first image verification apparatus is an IC card or a storage medium with a microprocessor.
 9. The system according to claim 1, wherein said first image verification apparatus is a server computer with said information processor operating as a client.
 10. An image verification apparatus comprising: verification means for verifying whether image data generated by an image generation apparatus has been altered, by using a hash value of said image data, first verification data, and common information; and verification data generation means for generating second verification data for said image data using said hash value and secret information if said image data has not been altered.
 11. The apparatus according to claim 10, wherein said common information is equivalent to a common key in common-key cryptography.
 12. The apparatus according to claim 10, wherein said secret information is equivalent to a secret key in public-key cryptography.
 13. The apparatus according to claim 10, wherein said verification data generation means prohibits generation of said second verification data if said image data has been altered.
 14. The apparatus according to claim 10, wherein said image verification apparatus is an IC card or a storage medium with a microprocessor.
 15. The apparatus according to claim 10, wherein said image generation apparatus is a digital camera, digital video camera, scanner, facsimile machine, or copier.
 16. An image verification method comprising: a verification step of verifying whether image data generated by an image generation apparatus has been altered, by using a hash value of said image data, first verification data, and common information; and a verification data generation step of generating second verification data for said image data using said hash value and secret information if said image data has not been altered.
 17. The method according to claim 16, wherein said common information is equivalent to a common key in common-key cryptography.
 18. The method according to claim 16, wherein said secret information is equivalent to a secret key in public-key cryptography.
 19. The method according to claim 16, wherein said verification data generation step prohibits generation of said second verification data if said image data has been altered.
 20. The method according to claim 16, wherein said image verification method is executed by an IC card or a storage medium with a microprocessor.
 21. The method according to claim 16, wherein said image generation apparatus is a digital camera, digital video camera, scanner, facsimile machine, or copier.